<div dir="ltr"><div dir="ltr">That's very helpful! So for this to work, both the RP and the Wallet(s) have to implement this complex logic and somehow turn it into something easy for the user :) I suspect we have a bunch of work to do in this regard though maybe that isn't specification work and just rather implementation work to differentiate solutions?</div><br><div class="gmail_quote" style=""><div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at 1:27 PM David Chadwick <<a href="mailto:d.w.chadwick@verifiablecredentials.info">d.w.chadwick@verifiablecredentials.info</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi George<br>
</p>
<div>On 16/05/2022 17:48, George Fletcher
wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">Thanks Torsten and David. I think you are getting
to the crux of my question at the end of your response David.
The Verifier/RP is willing to accept a DoB from a Driver’s
license, Passport and a financial institution but not the Boy
Scouts. </div>
<div dir="auto"><br>
</div>
<div dir="auto">How does the Verifier/RP specify those constraints
in the Request?</div>
</blockquote>
<p>This gets more complicated because now you have a disjunctive
request. So the RP will specify 3 alternative filters, one for the
DL type, one for the Passport type, and one for whatever type
banks issue that contain your DoB.</p>
<p>To do this you need to use the group extension of DIF PE, put
each filter in a different group (A, B and C) and then specify a
presentation submission saying that only one of these needs to be
returned, by using the from_nested construct.</p>
<p>Personally I think that the way disjunctive requests are
specified in DIF PE is not the most elegant way, nor is it in
disjunctive normal form, but it does allow you to, for example, say
pick 2 from 5, which is long-winded using normal forms.</p>
<p>On the plus side, DIF PE does allow the RP to specify any
arbitrarily complex set of requirements (by an equally complex
construct).<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
<blockquote type="cite">
<div dir="auto"> Or is this a multiple step process where the RP
asks for a DoB and then gets one it won’t accept and asks again
requiring the user to choose a different credential with the
same claim?</div>
<div dir="auto"><br>
</div>
<div dir="auto">It’s fine if this level of standardization isn’t
happening yet.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks,</div>
<div dir="auto">George</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at
12:31 PM David Chadwick via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi George</p>
<p>I can supplement what Torsten said below by adding that
multiple different types of credentials might have the
same schema. For example, a credit card schema could be
used by Amex, Visa and Mastercard types. So instead of
filtering on the credentialSchema property, which could
cover several different types of credential, you might
prefer to filter on the "type" property, which should be
more narrowly scoped to just one type of credential.
Note that it is unlikely that driving license and
passport types, which both contain the DoB property,
will use the same credentialSchema, so filtering on the
latter would not work for DoB in this case.</p>
<p>Ultimately the RP has to decide what type of credential
it is willing to accept. (It might not accept a Boy
Scouts credential for providing DoB.)<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
</div>
<div>
<div>On 16/05/2022 16:56, Torsten Lodderstedt via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"> Hi George,
<div>
<div><br>
<blockquote type="cite">
<div>On 16.05.2022 at 15:54, George
Fletcher via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>> wrote:</div>
<br>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>What would I use in the current spec as a
relying party to inform the wallet that I
need an "age over 13" claim </div>
</div>
</div>
</blockquote>
<div><br>
</div>
First of all you need to request a credential that contains such
a claim. We use Presentation Exchange as language
for that, in this case the so-called
presentation_definition. </div>
<div><br>
</div>
<div>It may restrict the desired result by defining a
constraint, in this case over the credentialSchema.
The following requests an "idcard" credential. </div>
<div><br>
</div>
<div>"presentation_definition":{<br>
"constraints": {<br>
"fields": [<br>
{<br>
"path": [<br>
"$.credentialSchema.id"<br>
],<br>
"filter": {<br>
"type": "string",<br>
"pattern": "https://example.org/idcard"<br>
}<br>
}<br>
]<br>
}<br>
}<br>
<br>
Note: the concrete paths and patterns depend on the
credential format (here JSON-LD/LD Proofs). <br>
<div><br>
</div>
<div>You may also explicitly request a certain claim
by defining a further path, such as </div>
<div><br>
</div>
{"path":["$.values.is_over_13"]}, </div>
<div><br>
</div>
<div>This would require an "is_over_13" boolean claim
to be present in the credential. </div>
<div><br>
</div>
<div>Something more generic could perhaps be
implemented using PE's predicate feature. I assume
the support of this feature depends on certain
credential format &amp; crypto suite capabilities.
Here is a (made up) example:</div>
<div><br>
</div>
<div>{<br>
"path":[<br>
"$.dob"<br>
],<br>
"filter":{<br>
"type":"number",<br>
"min":1242489139<br>
}<br>
}
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>and it can be from one of N issuers that
the Verifier/RP trusts? </div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>The recommended way is to use a claim in the
credential conveying the trust
framework/federation the issuer shall belong to.
Here is an example: </div>
<div><br>
</div>
<div>
<div>{</div>
<div> "vp_token": {</div>
<div> "presentation_definition": {</div>
<div> "id": "32f54163-7166-48f1",</div>
<div> "input_descriptors": [</div>
<div> {</div>
<div> "id":
"federationExample",</div>
<div> "purpose": "To pick a UK
university that is a member of the UK academic
federation",</div>
<div> "constraints": {</div>
<div> "fields": [</div>
<div> <b>{</b></div>
<div><b> "path": [</b></div>
<div><b>
"$.termsOfUse.federations"</b></div>
<div><b> ],</b></div>
<div><b> "filter":
{</b></div>
<div><b>
"type": "string",</b></div>
<div><b>
"const": "ukuniversities.ac.uk"</b></div>
<div><b> }</b></div>
<div><b> }</b></div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div>The verifier will need to check that
relationship using a registry. </div>
<div><br>
</div>
</div>
<div>There is text about this in the spec at <a href="https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru" target="_blank">https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru</a></div>
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>I'm losing that context in all the JSON
examples :)</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I hope that helps. </div>
<div><br>
</div>
<div>best regards,</div>
<div>Torsten. </div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div>George<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div style="font-family:optimist,Arial,Helvetica,sans-serif;font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px;color:rgb(28,43,57)"><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" style="vertical-align: middle; border-style: none; width: 80px; height: 28px; max-width: 80px; display: block; font-size: 14px; font-weight: 600; font-family: Optimist; color: rgb(1, 61, 91);" width="80"></div>
<div>
<div style="font-size:14px;line-height:1.5em;font-weight:600;color:rgb(1,61,91);margin:0px">George
Fletcher (he/him)</div>
<p style="margin:0px 0px 16px;font-size:12px;line-height:16px;white-space:nowrap;color:rgb(1,61,91)">Executive
Distinguished Engineer • Identity
Architect<br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align: middle; border-style: none; width: 8px; margin-right: 3px;"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><span style="font-family:optimist,Arial,Helvetica,sans-serif"><a href="https://urldefense.com/v3/__https://www.google.com/maps/search/8020*Towers*Crescent*0D*0A**cDrive,*Vienna,*VA?entry=gmail&source=g__;KyslJSsrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysr!!FrPt2g6CO4Wadw!I1LiQ9hb4bDIBa3aH7cH0kXKero7Ge3TQLVMETZeJJjLtmMV5bIkLycDEMr8DE0j9j-4NmeRKaZR744QhQIEwT3kiqCWnVyBDMObcuggvW4AdA$" style="font-family:optimist,Arial,Helvetica,sans-serif" target="_blank">8020
Towers Crescent Drive, Vienna,
VA</a> 22128</span><br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align: middle; border-style: none; width: 5px; height: 9px; margin-right: 6px; font-family: optimist, Arial, Helvetica, sans-serif;"><span style="font-family:optimist,Arial,Helvetica,sans-serif">616-498-8240</span><br>
<br>
<span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" style="vertical-align: middle; border-style: none; width: 10px; margin-left: 5px; margin-right: 2px; font-family: optimist, Arial, Helvetica, sans-serif;" height="7"><span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif"> <a href="mailto:sharon.anderson@capitalone.com" style="font-family:optimist,Arial,Helvetica,sans-serif" target="_blank">sharon.anderson@capitalone.com</a></span></span></p>
</div>
</div>
</div>
</div>
</div>
<hr><br>
<br>
<font style="color:rgb(64,64,64)">The
information contained in this e-mail is
confidential and/or proprietary to Capital One
and/or its affiliates and may only be used
solely in performance of work or services for
Capital One. The information transmitted
herewith is intended only for use by the
individual or entity to which it is addressed.
If the reader of this message is not the
intended recipient, you are hereby notified
that any review, retransmission,
dissemination, distribution, copying or other
use of, or taking of any action in reliance
upon this information is strictly prohibited.
If you have received this communication in
error, please contact the sender and delete
the material from your computer.</font><br>
<br>
<table width="100%" height="30" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote></div></div>
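<p>Added example (not part of the thread, and not code from the DIF PE or OpenID4VP specifications): the disjunctive request David describes, with one input descriptor each in groups A, B and C and a <code>from_nested</code> rule that picks one, plus a wallet-side check of whether a set of held credentials can satisfy it. The credential type names, the <code>$.credentialSubject.dob</code> path and the helper functions are assumptions made for illustration; the evaluator handles only dotted paths and the <code>const</code>/<code>contains</code> filter keywords.</p>

```python
# Constructed request: accept a DoB from a driving licence, a passport or a
# bank credential. The credential type names and "dob" path are illustrative.
def descriptor(desc_id, group, vc_type):
    return {"id": desc_id, "group": [group], "constraints": {"fields": [
        {"path": ["$.type"], "filter": {"type": "array", "contains": {"const": vc_type}}},
        {"path": ["$.credentialSubject.dob"]}]}}

PRESENTATION_DEFINITION = {
    "id": "dob-from-trusted-source",
    "input_descriptors": [descriptor("dl", "A", "DrivingLicence"),
                          descriptor("passport", "B", "Passport"),
                          descriptor("bank", "C", "BankAccount")],
    "submission_requirements": [{"rule": "pick", "count": 1, "from_nested": [
        {"rule": "all", "from": group} for group in "ABC"]}],
}

def resolve(doc, paths):
    """First hit among plain dotted JSONPaths ('$.a.b'); no wildcards."""
    for path in paths:
        node = doc
        for key in path.split(".")[1:]:
            node = node.get(key) if isinstance(node, dict) else None
        if node is not None:
            return node
    return None

def passes(value, flt):
    """Subset of JSON Schema: const and contains; other keywords are ignored."""
    if "const" in flt and value != flt["const"]:
        return False
    if "contains" in flt:
        return isinstance(value, list) and any(passes(v, flt["contains"]) for v in value)
    return True

def matches(cred, desc):
    """Every field must resolve, and pass its filter when one is given."""
    for field in desc["constraints"]["fields"]:
        value = resolve(cred, field["path"])
        if value is None or not passes(value, field.get("filter", {})):
            return False
    return True

def satisfied(req, pd, wallet):
    """Wallet-side check of one submission requirement ('all' or 'pick')."""
    if "from" in req:
        hits = [any(matches(c, d) for c in wallet)
                for d in pd["input_descriptors"] if req["from"] in d["group"]]
    else:
        hits = [satisfied(r, pd, wallet) for r in req["from_nested"]]
    # For 'pick' the wallet needs at least `count` options to choose from.
    return all(hits) if req["rule"] == "all" else sum(hits) >= req.get("count", 1)

def can_satisfy(pd, wallet):
    return all(satisfied(r, pd, wallet) for r in pd["submission_requirements"])
```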